How to Connect to Your FreeNAS Server via SSH Without A Password; Password Free Logins via Public Key Authentication
If you connect to your FreeNAS server often with SSH or want to run rsync via SSH then it can be very useful to setup what is called public key authentication. In public key authentication rather than using a password to grant access the SSH client and the SSH server exchange keys and so confirm the identity of the client.
The firs step is to make sure that you have a user with shell access. To check goto Access->Users and either edit and existing user or create a new user and make sure the “Shell access” box is ticked. You also need to be sure that the SSH server is running. Check this on the Services->SSH page.
SSH is very fussy about user permissions. If the home directory of your user isn’t owned by the user, SSH login with public key will fail. If you have this problem the SSH log will show something like Authentication refused: bad ownership or modes for directory /mnt/store. To fix this you need to create a directory beneath your mount point for that user, i.e. /mnt/store/bob and the Home directory needs to be set to this on the Access->Users page for that user.
In this example I will use OS X (it should be almost identical for Linux but for Windows users you will need to use PuTTY and PuTTYgen).
On the client machine open a terminal window and enter the command:
ssh-keygen -q -f ~/.ssh/id_rsa -t rsa
When prompted for a password just hit ENTER twice:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
This will generate what is known as a private key and a public key. The private key must be kept save and secure and you must never distribute it in any form whatsoever. However the public key is for public consumption and this is what we will copy over to the FreeNAS server.
So to copy the public key to the FreeNAS server, user the following command:
scp ~/.ssh/id_rsa.pub email@example.com:
Where bob is the username with shell access and 192.168.1.250 is the address of your FreeNAS machine.
When prompted for the password enter it:
id_rsa.pub 100% 402 0.4KB/s 00:00
Now login to your FreeNAS machine using SSH:
ssh -l bob 192.168.1.250
And enter the password when prompted.
Now the public key of your client machine needs to be added to the list of authorized clients that connect. To do this run the following commands:
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
The first command will add the key to the list of authorized keys, the second will ensure that the permissions are set correct on that file and the third will delete the .pub file you copied over with the scp command as it is now longer needed.
And that is it. You can now logout and now connect again with SSH and it should connect directly without asking for a password.
If you find that everything doesn’t work as planned they check the Diagnostics->Log page and select SSH from the drop downbox and see what is being logged.